Search

2023 top routinely exploited vulnerabilities   Advisory

Nov 13, 2024 - This advisory provides details, collected and compiled by the authoring agencies, on the Common Vulnerabilities and Exposures (CVEs) routinely and frequently exploited by malicious cyber actors in 2023 and their associated Common Weakness Enumerations (CWEs). Malicious cyber actors exploited more zero-day vulnerabilities to compromise enterprise networks in 2023 compared to 2022, allowing them to conduct operations against high priority targets.
The authoring agencies strongly encourage vendors, designers, developers, and end-user organizations to implement the following recommendations, and those found within the Mitigations section of this advisory, to reduce the risk of compromise by malicious cyber actors.

Guidelines for evaluated products   Advice

Mar 18, 2025 - This chapter of the Information security manual (ISM) provides guidance on evaluated products.

Mitigation strategies for edge devices: Practitioner guidance   Publication

Feb 4, 2025 - This publication expands on Mitigation strategies for edge devices: executive guidance. It provides IT practitioners with a list of mitigation strategies for the most common types of edge devices and appliances across enterprise networks and large organisations.

Email hardening  

Apr 11, 2023 - This page lists publications on the hardening of message exchange via electronic mail.

Ransomware Playbook   Guidance

Oct 10, 2024 - This interactive guide is here to assist you with taking all of the appropriate steps to prepare for, respond to and recover from a ransomware incident.

Preparing for and responding to denial-of-service attacks   Publication

Mar 17, 2025 - Although organisations cannot avoid being targeted by denial-of-service attacks, there are a number of measures that organisations can implement to prepare for and potentially reduce the impact if targeted. Preparing for denial-of-service attacks before they occur is by far the best strategy, it is very difficult to respond once they begin and efforts at this stage are unlikely to be effective.

Guidelines for cybersecurity incidents   Advice

Mar 18, 2025 - This chapter of the Information security manual (ISM) provides guidance on cybersecurity incidents.

Review your email account security   Guidance

Feb 19, 2025 - How to check your email account security for Gmail and Outlook.

Guidelines for cryptography   Advice

Mar 18, 2025 - This chapter of the Information security manual (ISM) provides guidance on cryptography.

Cyber threat actors compromising networks of major global telecommunications providers    News

Dec 4, 2024 - New guidance is available for network defenders of communications infrastructure to strengthen visibility and harden devices against PRC-affiliated and other malicious cyber actors.

Cloud Services   Program page

Feb 24, 2023 - The Cloud Services Certification Program (CSCP) ceased on 2 March 2020. The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) ceased the Certified Cloud Services List (CCSL) on 27 July 2020 and concurrently released the Cloud Security Guidance package.

Cybersecurity incident response planning: Practitioner guidance   Publication

Dec 12, 2024 - ASD defines a cybersecurity incident as an unwanted or unexpected cybersecurity event, or a series of such events, that has either compromised business operations or has a significant probability of compromising business operations.

Preventing Web Application Access Control Abuse   Advisory

Jul 28, 2023 - The Australian Cyber Security Centre (ACSC), U.S. Cybersecurity and Infrastructure Security Agency (CISA), and U.S. National Security Agency (NSA) are releasing this joint Cybersecurity Advisory to warn vendors, designers, and developers of web applications and organizations using web applications about insecure direct object reference (IDOR) vulnerabilities.

Cyber supply chain risk management   Publication

May 22, 2023 - All organisations should consider cyber supply chain risk management. If a supplier, manufacturer, distributor or retailer (i.e. businesses that constitute a cyber supply chain) are involved in products or services used by an organisation, there will be a cyber supply chain risk originating from those businesses. Likewise, an organisation will transfer any cyber supply chain risk they hold to their customers.

Are your organisation’s edge devices secure?   News

Feb 5, 2025 - New publication series for executives and IT practitioners on how to secure edge devices.

Modern defensible architecture   Publication

Feb 10, 2025 - Modern defensible architecture is the first step in Australian Signals Directorate (ASD)’s Australian Cyber Security Centre (ACSC)’s push to ensure that secure architecture and design are being considered and applied by organisations in their cybersecurity and resilience planning.

2021 Top Malware Strains   Advisory

Aug 5, 2022 - This joint Cybersecurity Advisory (CSA) was coauthored by the Cybersecurity and Infrastructure Security Agency (CISA) and the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC).

U.S., U.K., and Australia Issue Joint Cybersecurity Advisory   News

Jul 28, 2021 - Cyber Agencies Share Top Routinely Exploited Vulnerabilities

Secure by Design  

Jul 22, 2024 - Secure by Design is a proactive, security-focused approach to the development of digital products and services that necessitates a strategic alignment of an organisation’s cybersecurity goals. Secure by Design requires cyberthreats to be considered from the outset to enable mitigations through thoughtful design, architecture and security measures. Its core value is to protect consumer privacy and data through designing, building, and delivering products with fewer vulnerabilities.

Identifying cyber supply chain risks   Publication

May 22, 2023 - This guidance has been developed to assist organisations in identifying risks associated with their use of suppliers, manufacturers, distributors and retailers (i.e. businesses that constitute their cyber supply chain).

Connecting with others online   

Jul 30, 2024 - It is easier than ever to stay in contact with people online. However, using popular online apps and tools can make you more susceptible to cybercriminals.

COVID-19 Malicious Scams - Threat Awareness and Guidance   Advisory

Mar 27, 2020 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) has produced a detailed report, including practical cyber security advice that organisations and individuals can follow to reduce the risk of harm.

Secure your Apple macOS device   Guidance

Nov 29, 2024 - Your Apple macOS device often holds your most important data. Use these simple steps to protect your device from cyberattacks.

Fast Flux: A national security threat   Advisory

Apr 4, 2025 - This advisory is for network defenders and explains how Bulletproof Hosting Providers are using ‘fast flux’ to cycle quickly through bots and DNS records to bypass detection. It highlights the importance of using a reputable Protective DNS (PDNS) provider that detects and blocks fast flux.

BADBAZAAR and MOONSHINE: Spyware targeting Uyghur, Taiwanese and Tibetan groups and civil society actors   Advisory

Apr 9, 2025 - This advisory is jointly produced by government agencies from the UK, Australia, Canada, Germany, New Zealand, and the US and is supported by members of the NCSC’s Cyber League. Its purpose is to raise awareness about the growing threat that malicious cyber actors pose to individuals connected to topics including Taiwan, Tibet, Xinjiang Uyghur Autonomous Region, democracy movements and the Falun Gong.

Protect your children online: A guide to cybersecurity for parents and carers   Guidance

May 2, 2024 - The steps in this guide can help you ensure that your children stay safe and secure online.

Web conferencing security   Publication

Oct 6, 2021 - Web conferencing tools are essential for meeting with colleagues and clients online. This guide provides tips on how to choose a secure web conference provider, and what risks to be aware of.

Guidelines for cybersecurity roles   Advice

Mar 18, 2025 - This chapter of the Information security manual (ISM) provides guidance on cybersecurity roles.

Update your small business cyber security   News

Jun 12, 2024 - Resources to help protect small businesses from cyber threats.

Using the Information security manual   Advice

Mar 18, 2025 - This chapter of the Information security manual (ISM) provides guidance on using the ISM.